"Malware automatically quarantined" [/nextcloud/apps/news/vendor/....(readability)...]

[LeeteqXV]

Related issue: nextcloud/news#1321

Email notification on a cPanel based host where NC is installed via Softaculous, and the News app is enabled from the main apps page inside the NC instance, from the official repository provided there.

The email alert contains this information:

"We have detected malicious PHP script(s) within your web hosting account. To prevent system abuse, our system has automatically quarantined these file(s). This concerns the following:

Generic:HTML/Seospam.B (Generic)
/home//nextcloud/apps/news/vendor/andreskrey/readability.php/test/test-pages/yahoo-4/source.html

Existence of these scripts generally points to third parties having gained access to your web hosting account either by having exploiting a vulnerability in one of the software packages you are using or by a compromised password. We strongly recommend you check your hosting account for other files that appear out of place, which our automated detection system might have missed."

System Information

• NC server News app version: 15.3.2
• (ref. https://github.com/nextcloud/news/blob/master/CHANGELOG.md )
• Android News app version: 0.9.9.50 (irrelevant?)
• Nextcloud version: 20.0.7 (irrelevant, AFAICS)

PS. I have not added/activated any Yahoo news sources, hence this malware report is seemingly happening in the software "by itself"(?), not because of any user actions, so I am therefore reporting this both in the news app project and in the "readability" project, as I am unsure where this should be handled.

[andreskrey]

Definitely a false alarm. Unless you're exposing the test folder of one of your dependencies, it's safe to ignore this alert.